#rokrat — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #rokrat, aggregated by home.social.
-
North Korea’s ScarCruft Targets Academics With RokRAT Malware – Source: hackread.com https://ciso2ciso.com/north-koreas-scarcruft-targets-academics-with-rokrat-malware-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #HanKookPhantom #cybersecurity #CyberAttack #NorthKorea #ScarCruft #Hackread #Phishing #security #malware #RokRAT #APT37
-
North Korea’s ScarCruft Targets Academics With RokRAT Malware https://hackread.com/north-korea-scarcruft-target-academics-rokrat-malware/ #HanKookPhantom #Cybersecurity #CyberAttack #NorthKorea #ScarCruft #Security #Phishing #Malware #RokRAT #APT37
-
North Korea-linked ScarCruft is using spear-phishing with RokRAT malware to spy on academics, dubbed the #HanKookPhantom campaign.
Read: https://hackread.com/north-korea-scarcruft-target-academics-rokrat-malware/
-
Took a look back at some of North Korea's #ROKRAT malware payload delivery mechanisms in my latest blog post:
-
Happy Tuesday everyone!
#APT37, aka #ScarCruft, is at it again! SentinelOne researchers noticed that they are targeting media organizations and others that are associated with North Korean affairs. The group leverages .LNK files, zip files, and phishing emails.
I found this article most interesting because of the multiple types of file formats that were used, to include .bat and .dat files, involved in the campaign. They also use a custom backdoor known as #RokRat to aid in their attack. This is a great article and worth the time! Enjoy and Happy Hunting!
Notable MITRE ATT&CK TTPs and Behaviors:
TA0001 - Initial Access
T1566.001 - Phishing: Spearphishing Attachment
TA0002 - Execution
T1059.001 - Command and Scripting Interpreter: PowerShell
T1204.001 - User Execution: Malicious Link
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday #gethunting
-
NEW research on my blog!
The evolution of North Korean threat group #APT37's Android spyware: #ROKRAT & #RambleOn
In this research I perform a comparative analysis between ROKRAT & RambleOn, North Korean threat group APT37's Android malware.
Link: https://www.0x0v1.com/the-evolution-of-apt37s-rokrat-rambleon-android-spyware/
#threatintel #apt #reverseengineering #malware #spyware #northkorea
-
Just uploaded my #APT37 #ROKRAT shellcode decrypter script to my github. Hope this helps malware researchers out there
https://github.com/0x0v1/MalwareRETools/tree/main/APT37/ROKRAT
-
I just published a script that will assist malware researchers looking at #APT37's #ROKRAT to decode the PS reflection portion of the loader phase. It gives analysts the option to pull shellcode from the payload delivery host quickly for timely analysis.
https://github.com/0x0v1/MalwareRETools/tree/main/APT37/ROKRAT
I will later publish a script to decrypt the shellcode for analysis - just need to clean a few things up in it.
-
Happy Tuesday everyone! #APT37 is the topic of today's #readoftheday, specifically ThreatMon takes a deep-dive into the #RokRat malware, which is a remote access trojan (RAT). Enjoy and Happy Hunting!
Link to article in the comments!
***As usual I am going to leave one of the MITRE ATT&CK TTPs blank. I would like to see if any of you that see this can help FILL in that blank! If so, leave your thoughts in the comments OR send me a DM!***
Notable MITRE ATT&CK TTPs:
TA0007 - Discovery
T1087 - Account Discovery
T1083 - File and Directory Discovery
T1018 - Remote System Discovery
T1082 - System Information Discovery
TA0009 - Collection
T[What technique covers the threat actor capturing information under the TEMP folder?] - Good luck!
TA0011 - Command and Control
T1071.001 - Application Layer Protocol: Web Protocols
TA0002 - Execution
T1059.003 - Command and Scripting Interpreter: Windows Command Shell
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting